* includes AD in authentication check of TLS records
As per 5.2 of TLS 1.3 draft-28, the additional data is record header.
* tests: Update tests in order to support draft-28
* Interoperability: Updates NSS and BoringSSL versions to the
one supporting draft-28
* Bogo: Updates revision number to use tests for draft-28
* FIX: makefile was using test-compat target instead of
test-interop
* DC test: constify
* Use binary interface to encode in big-endian
* Changes tests so that they pass with draft-23
* BoringSSL interoperability: uses code at most recent commit. It uses
"-tls13-variant draft23" flag to indicate compatibility with draft23
* NSS interoperability: Uses release 3.35
* PicoTLS interoperability: blocked. Doesn't seem to implement draft23
* Uses updated bogo from
https://github.com/henrydcase/crypto-tls-bogo-shim
Goal of this PR is to rework testing script so that actual testing is
easy to extend and perform during development cycle.
* For interoperability testing I use python script and test framework,
instead of complicated bsah scripts. Script itself is not yet perfect
but it makes it much easier to extend tests and work with them during
development time
* Makefile has been extended and now includes all steps needed to build
the library and run tests. It's now possible to run any kind of tests
without exporting environment variables. Thanks to this change it is
stupid-easy to run any kind of tests.
* There are 3 kinds of tests implemented in the library - unittests,
interoperability tests and bogo. Travis has been changed and now
dashbord will show only results for those 3 targets.
Similar to boringssl, reuse the NSS client image for the NSS server test
against the tris client. Bump the NSS version to 3.34.1 gain support
for TLS 1.3 keylogging which is useful while debugging.
Adjust read check to fix intermittent NSS test failures:
https://github.com/cloudflare/tls-tris/issues/58
Prepare framework for testing tls-tris as client against other servers.
Currently only boringssl is implemented, but the idea is to add support
for others too (NSS, OpenSSL, picotls, tris, ...).
To test multiple certificate types, copy ecdsa.pem and rsa.pem from
tris-localserver for boringssl. The boringssl image is reused for the
server since the binaries were built anyway. Revision is bumped to
something to fix a build error and make the -loop and -www options work.
